In a statement, Siemens said it was notified of the issue by the Department of Homeland Security's Industrial Control Systems Computer Emergency Response Team (ICS-CERT) earlier this week. The vulnerability stems from a hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS) that gives attackers a way to decrypt traffic between an end user and the router.

According to ICS-CERT, the hard-coded key can be used by attackers to launch malicious communications against RuggedCom network devices.

"Specialists from Siemens and RuggedCom are investigating this issue and will provide information updates as soon as they become available," the company said, without specifying when that might happen. Siemens acquired RuggedCom earlier this year.

ICS-CERT on Wednesday issued an alert warning operators of industrial control networks about the problem. The alert urged administrators to ensure that control system devices are not connected directly to the Internet and to make sure all control system networks and devices are behind firewalls.

"If remote access is required, employ secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices," ICS-CERT warned.